CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian’s Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request.

Successful exploitation, however, banks on the prerequisite that the attacker already has access to a public repository or possesses read permissions to a private Bitbucket repository.


“All versions of Bitbucket Server and Datacenter released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability,” Atlassian noted in a late August 2022 advisory.

CISA did not provide further details about how the flaw is being exploited and how widespread exploitation efforts are, but GreyNoise said it detected evidence of in-the-wild abuse on September 20 and 23.

All Federal Civilian Executive Branch (FCEB) agencies are required to remediate the vulnerabilities by October 21, 2022, to protect networks against active threats.
